This blog post uses capabilities that are added in Windows 10, version 1809, which is currently still in preview.
This week a short blog about another relatively new Windows AutoPilot feature. This week is all about assigning a specific user to a specific Windows AutoPilot device. That enables an administrator to directly assign a user to a Windows AutoPilot device. Assigning a user to a Windows AutoPilot device will make sure that the username will be pre-filled during Windows setup. It also lets the administrator set a custom greeting name, which will also be added during the Windows setup. In this post I’ll show the actual configuration steps, followed by the end-user experience.
Configuration
Before starting with the actual configuration steps, it’s important to name a few prerequisites.
- Azure AD company branding is configured;
- Device is running Windows 10, version 1809 or later;
- User is Microsoft Intune licensed
When the prerequisites are in place, it’s time to start looking at the actual configuration. The following five steps walk through assigning a user to a Windows AutoPilot device.
1 | Open the Azure portal and navigate to Intune > Device enrollment > Windows enrollment to open the Device enrollment – Windows enrollment blade; |
2 | On the Device enrollment – Windows enrollment blade, click Devices to open the Windows AutoPilot devices blade; |
3 | On the Windows AutoPilot devices blade, select the specific device (make sure to check the box) and click Assign user to open the Select user blade; |
— | ![]() |
4 | On the Select user blade, select the specific user and click Select, which will open the Properties blade of the device; |
5 |
Note: This will provide a message like in this case “Awesome dude has ben successfully assigned to 3008-9109-1000-6969-987…” |
End-user experience
Now let’s end this post by looking at the end-user experience when using a user-driven deployment. After configuring the location and the keyboard, the user will get a personal welcome message. The message includes the configured custom user friendly name and the username will be preconfigured (as shown below). The user only needs to provide a password and click Next.
Note: This experience does not work when used in combination with ADFS.
More information
For more information about assigning a user to a Windows AutoPilot device, please refer to the documentation Enroll Windows devices by using the Windows AutoPilot | Assign a user to a specific Autopilot device.
Discover more from All about Microsoft Intune
Subscribe to get the latest posts sent to your email.
Hello Peter,
Is there any possibility to assign users to autopilot devices in bulk? (script, graph)
Thanks
Hi Christophe,
Yes, you can use Graph to assign users in bulk to devices (look for AssignUserToDevice).
Regards, Peter
what if you need to reassign it to someone else afterwards ? Do you ‘wipe’ or do an autopilot reset ?
Both result in deleting all the apps. Then the pain of reinstalling the apps.
Hi Mohammed,
Keep in mind that an Autopilot Reset will retain the Azure AD join and Intune enrollment.
Regards, Peter
Yes so. How do you reassign a Device to someone else ? without losing the apps ?
Have a look at this post for your options, Mohammad.
Hi Peter,
Assign user to autopilot wasn’t successful for me. Self deployment auto pilot works but not the assign user.
Hi Priyaa,
You mean assigning an user to a device for self-deploying mode? If so, self-deploying mode is not really designed for user specific device. That’s the user drive mode.
Regards, Peter
Hi Peter, do you happen to know how to bypass the assigned user when first logging into Autopilot? There does not seem to be a (documented) way and one can imagine scenarios where this might be required. Just want it to ask for the user name instead of pre-populating. Thanks!
Hi Tom,
You mean the Shift+F10 combination to open a command prompt?
Regards, Peter
Hi Peter,
I am trying to learn Intune as best I can but always seem to be hitting walls. I tried the Assign User feature in Intune Autopilot but now want to remove the user (and not add another.) Is there an easy way to remove the user (again without adding a different user.)?
Hi James,
I haven’t seen that option in the UI yet.
Regards, Peter
Hi Peter,
Just an FYI. I finally found the remove assigned user option for the autopilot device. You must click the three dots to the right of the object you want to remove the assigned user from. I guess they don’t want you doing this to multiple devices at once. I also believe I have clicked this before but did not have the option presented so I cannot say when the option became available. Just glad it is there.
Ah, thank you James! I have to admit that I didn’t see that yet.
I have a question. I have been assigning autopilot devices to users using this method. Generally, the OOBE is like this as expected, but occasionally, even when it passes the white glove and shows the correct assigned user, upon reboot the user is greeted with a screen that says, “Who’s going to use this PC?” I want the OOBE to restrict access to only the assigned user, like in this article. Is there a reason why this would sometimes happen?
Hi Jim,
I haven’t seen that particular behavior recently. Sounds like it wasn’t able to retrieve the correct information. Would it show the correct information after another reboot?
Regards, Peter
Hey Peter
We use a custom role for our admins to enable them to import devices to Autopilot and set GroupTags as well as giving them other needed rights to manage devices in Intune.
But we do not find the setting to enable them to assign a user to a new device. The button is greyed out.
Do you know the setting how to activate this?
Greetings, Thomas
Hi Thomas,
What permissions have you provided to those users at this moment?
Regards, Peter
I’m having a similar issue. We want to hire a group of sneakers to do a bulk whiteglove deploy of a large batch of new laptops and rather not give them any more permissions that necessary to do the assignment of users to the autopilot and then go through whiteglove to get it done.
The Custom Intune Role “AutoPilot Operator” was created with the following permissions:
Audit data
– Read
Enrollment programs
– Assign profile
– Create device
– Sync device
– Delete device
– Read device
– Read profile
Managed devices
– Read
– Set primary user
– Update
Organization
– Read
Unfortunately, the “Set Primary User” permission only has relevance to the Intune management object and not the autopilot object.
Hi Reinder,
And what is it that you want those sneakers to perform?
Regards, Peter
I would like the sneakers to be able to assign a user to an autopilot registered asset, to prepare the device for whiteglove deployment.
The “set primary user” only lets the sneakers change the primary user after deployment, but that defeats the purpose of whiteglove deploying all applications, including the specifically user assigned apps.
Right now I need a privileged user with the intune admin entra role on standby all the time to do (re)configure the assigned user.
Figured it out with a lot of outside help (big shout out to Frans Oudendorp).
Apparently in older tenants, you need to hit the “Allow access to unlicensed admins” button to actually activate the Intune RBAC roles. Missed that step since tenants created after a certain year, have this enabled by default and I never came across this setting because of that.
Ah, that’s great to hear! Thanks for sharing the solution!
Regards, Peter
Hey Peter,
do you know if something has changed in this procedure?
We we’re using the user assignment for quite a long time – but now if we assign a user, the assignment is ignored.
The user is presented the welcome screen (“Welcome to xxx GmbH!”) but he is asked for the email address, just like no user was assigned.
We thought maybe something was wrong with the new user account – but also tried with a account that was working previously – also the same.
Thanks in advance!
Werner
Hi Werner,
I’m not aware of any big changes. If the user is assigned and no ADFS is used, you might want to contact Microsoft.
Regards, Peter
Hi Peter,
I do have the same problem; My system used to word with no issue until last week!
On the Windows Autopilot configuration window, everything is shown perfect as before but the Assinnged user, even though it’s assigned on the Intune side. it says, “Not assigned.”
Hi Saeid, (and others,)
There was are recent change by Microsoft to pre-population the UPN of the user: https://techcommunity.microsoft.com/t5/intune-customer-success/updates-to-the-windows-autopilot-sign-in-and-deployment/ba-p/2848452
Regards, Peter
Hello,
Anyone hve the same problem? Since few month when I assign in Autopilot a user, it appear but, when I start the process in laptop, it ask to me the UPN. Always I assigned the device to users and they only need to introduce their passwords.
In Autopilot page i view the assignments correctly, but the proccess allow introduce otherupn.
Thank you
Hi Alvaro,
That was a recent change in behavior.
Regards, Peter